PATENT 
P55690 

REMARKS 

The Examiner stated that the disclosure is objected to under 37 C.F.R. 1.71 as being so 
incomprehensible as to preclude a reasonable search of the prior art by the Examiner, and that , for 
example, the various elements of the invention and how they interact, and how the digital content 
is protected from illegal copying. 

The disclosure including the drawings has been amended to facilitate readability and to ease 
the Examiner's difficulty in searching the prior art. 

The specification has been rearranged , modified, and deleted the repetitive portions. No new 
matter has been added. 

Reconsideration of the rejections and objections is requested. Should any questions remain 
unresolved, the Examiner is requested to telephone Applicant's attorney. 

A Letter to the Office Draftsman accompanies this response. Indication in subsequent Office 
correspondence of the acceptance to the drawing corrections proposed in the Letter, is requested to 
enable Applicant to timely arrange for the corrections to be made prior to the date for payment of 
any issue fee. 
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A fee of $ 1 1 0.00 is incurred by filing of a petition for a one month extension of time, set to 
expire on December 2 1 , 2002. Applicant's check drawn to the order of Commissioner accompanies 
this Amendment. Should the check become lost, be deficient in payment, or should other fees be 
incurred, the Commissioner is authorized to charge Deposit Account No. 02-4943 of Applicant's 
undersigned attorney in the amoimt of such fees. 



1522 "K" Street N.W 
Suite 300 

Washington, D.C. 20005 
(202) 408-9040 

Folio: P55690 
Date: 12/5/02 
I.D.: REB/JHP 



Respectfixlly submitted, 




Robert E. Bushnell, 
Attorney for the Applicant 
Registration No.: 27,774 
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VERSION WITH MARKINGS TO SHOW CHANGES MADE 
IN THE SPECIFICATION 

Please enter the following amendments to the originally filed specification and Abstract, for 
the purpose of preparing a Substitute Specification and Abstract: 



TITLE 

COPY PROTECTION SYSTEM 
FOR PORTABLE STORAGE MEDIA 



CLAIM FOR PRIORITY 

This application makes reference to, incorporates the same herein, and claims all rights 
accruing thereto under 35 U.S.C. §119 through our patent applications entitled The Digital Content 
Encryption Apparatus And Method Thereof earlier filed on the 24* day of September 1998 in the 
Korean hidustrial Property Office and there duly assigned Serial Nos. 1 998/39808 and 1 998/39809. 



FIELD OF THE INVENTION 

The present invention is generally related to encryption processes and apparatus, and, more 
particularly, to secure and robust processes and apparatus for the generation and use of keys in the 
transmission and replay of digital information for licensed Secure Digital Music Initiative ( SDMI) 
compliant modules such as personal computers and SDMI compliant portable devices in conjunction 
with Intemet service content provider and^ certificate authority. 
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BACKGROUND ART 

Recently, with the flood of information provided by various media such as broadcasting and 
press, an atmosphere has been created by the information providers who are interested in providing 
integrated information that covers all of the media. Other users want to selectively receive a specific 
item of digital information fi-om the entire spectrum of information available fi-om a particular 
information provider (IP). Accordingly, a digital content transmission system has been formed by 
the information providers who convert various types of information into a digital form and store this 
digital information, and the users who subscribe to this digital information system fi'om the 
information provider via the network. Digital information transmission systems endow an 
application program with easy downloadability of the digital content. The user can get all the 
information desired by using this application program to access the digital information system 
through the network. 

The digital information may be provided to the user either for pay or for firee. In case of paid 
digital information, the server who [provide] provides the digital information via the transmission 
system sets the service fee. The service server charges the user according to the quantity of 
information used when the digital information is downloaded to the user. MPEG software protocol 
for example, compresses audio files to a firaction of their original size, but has little perceptible 
[affect]effect upon the quality of the audio sound. MPEG software protocol is now widely used by 
Internet sites offering digitalized music, and is reported to be conmionly used to offer digitalized 
versions of recorded music without the consent of the musicians. When a user is connected to a 
server that provides digital information commercially via a network, a few of the users maybe able 
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to inadvertently or illegally copy the digital information, a practice that, as was recently noted by 
Interdeposit and the French Agency for the Protection of Programs, a member of the European 
Association of Authors and Information Technology Professional, in the Patent, Trademark & 
Copyright Journal^ volume 57, No. 1416, page 385 (11 March 1999), would be economically 
damaging to both the musicians and to the server who is running the digital information transmission 
system. Currently, the server, as well as the musicians, can do little more than seek redress by 
undertaking civil and criminal action in an effort to control the possibility of imlicensed reception 
of digital information. We have noticed that there is a need for a technique to preserve transmission 
security of revenue bearing information while restricting access to the information by imauthorized 
entities and preventing imauthorized users from using any of the information that they may be able 
to illicitly obtain from the information provider by restricting the ability of the unauthorized users 
to decrypting whatever information they manage to obtain via the system. 

Also> it is difficult to prevent the illegal copv of the supplied digital contents or the codec 
recorded on the portable medium if the portable medium is copied after the digital content has been 
su pplied to a user and recorded on the portable medium. 

In particular, the MP3 which is the audio data of the above digital contents is downloaded 
to the first content output unit as well as the second content output unit such as an MP3 player and 
then reproduced. In the meantime, the MP3 is downloaded to a content storage imit such as a 
smartmedia card built in the first content output unit, and the MP3 downloaded in the content storage 
unit is reproduced through the second content output unit. 

However, as stated above, there is a drawback in that the digital data downloaded to the first 
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and second content output units and the content storage unit are easily copied to be illegally 
distributed 

SUMMARY OF THE INVENTION 

It is therefore, one object of the present invention to provide improvements in cryptographic 
processes and apparatus. 

It is another object to provide a secure and robust digital encryption process and apparatus. 

It is yet another object to provide digital encryption processes and apparatus endowing a 
system with secure and robust copy protection for [LCM's (/.e.Ja licensed [SDMI (/.e.,] secure 
digital music initiative[)] compliant [modulesj module such as personal computers[)] and [PD ' s (/. e, , 
SDMI compliant] portable devices such as disk and DVD players[)] in conjmction with [ISP (/.e.J 
Internet service provider[)] and [CA (/.e^Ja certificate authority[)]. 

It is still another object to provide digital encryption processes and apparatus able to encrypt 
and transmit digital information received from a transmission system, by the use of multiple 
cryptographic keys. 

It is still yet another object to provide digital encryption processes and apparatus for 
generating and using multiple cryptographic keys dxiring the transmission of digital information to 
a user. 

It is a further object to provide digital encryption processes and apparatus that employ user 
information in the generation and use of multiple cryptographic keys during the transmission of 
digital information to the user. 
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It is a yet further object to provide digital encryption processes and apparatus able to encrypt 
and transmit digital information obtained from a transmission system by using multiple 
cryptographic keys, and to decrypt and play the digital information at the terminal of the user by 
using a plurality of keys, one of which is common to the multiple keys. 

It is a still fiirther object to provide digital encryption processes and apparatus able to encrypt 
and transmit digital information obtained from a transmission system by using key information, a 
user's key, and a temporary validation key, and to decrypt and play the digital information at the 
terminal of the user by using the key information and user authorization information. 

It is still yet a fiirther object to provide encryption, transmission and reception protocols 
enabling encryption, transmission and decryption of digital information received from a transmission 
system. 

It is an additional object to provide encryption, transmission and reception protocols enabling 
encryption and transmission of digital information received from a transmission system by using 
multiple keys to encrypt the digital information, and decryption and replay of the digital information 
at the terminal of the user by using a plxirality of keys, one of which is conmion to the multiple keys. 

It is [a] still yet a fiirther object to provide encryption, transmission and reception protocols 
enabling encryption and transmission of digital information received from a transmission system, 
by using key information, a user's key, and a temporary validation key, and decryption and replay 
of the digital information at the terminal of the user by using the key information and user 
authorization information. 

It is also an object to provide a more secure cryptograph and process for transmitting 



-40- 



PATENT 
P55690 

information to a terminal of a user who has requested the information. 

It is also a further object to provide a cryptograph and process that reliably restricts the ability 
of a registered subscriber who has validly obtained information from an information provider, to 
deliver that information to another entity in a readily usable form. 

These and other objects may be attained with an encryption process and apparatus that 
provides a secure and robust copy protection system for a licensed secure digital music initiative 
compliant [modules]module such as personal computers and portable devices, in conjunction with 
Itemet service providers and certificate authorities, by responding to a user's request for 
transmission of items of digital information to the user's terminal unit, by providing copy protection 
during downloading and during uploading of the digital contents. In order to prevent the digital 
contents from being copied illegally, a plxirality of keys [are]is generated and held by both the user 
and the digital content provider, and a secret channel is formed between both the user and the digital 
content provider. The header of the encrypted digital content is encrypted by using a physical 
address of a sector of a licensed SDMI compliant module such as a portable computer or a portable 
media device in order to prevent the digital content from being copied illegally after the digital 
content is recorded in the portable media. 

The present invention includes a certificate authoritv. an information provider, a first content 
output unit, a second content output unit, and a manufacturer of the second output units. 

The certificate authority generates, encrypts, and outputs a first authentication qualification 
kev and a first authentication qualification kev data, and generates a manufacturing kev and 
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manufacturing key information in response to a registration request signal from the manufacturen 
The certificate authority forms a first table and a second table. The first table has a manufacturer key, 
a manufacturer key data, and information of the manufacturer key, and the second table has a token, 
a token information encrypted by the manufacturer key, the identification of a portable device or 
terminal. 

The manufacturer of the second output units such portable devices sends a registration 
request signal to the certificate authority and receives the manufacturing key and manufacturing key 
data. 

The intemet service provider transmits the registration request signal to the certificate 
authority, stores the first authentication qualification key and the first authentication qualification 
key data inputted from the certificate authority in order to be authorized to supply the encrypted 
digital contents, and generates a second authentication qualification key and a second authentication 
qualification key data. The intemet service provider outputs the second registration request signal 
to the certificate authority. 

The first content output unit such as a personal computer outputs the registration request 
signal to the intemet service provider in order to receive the digital contents, stores the second 
authentication qualification key and the second authentication qualification key data, outputs the 
manufacturer key data to the intemet service provider, encodes and outputs the manufacturer key 
detected from the second table in response to the manufacturer key data, and receives a public key, 
public key information and digital contents 

The second content output unit such as a portable device outputs the first registration request 
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signal to the certificate authority and stores the manufacturer key and the manufacturer key data 
inputted firom the certificate authority. 

In addition or alternatively, the present inyention may use a physical address of a bad sector 
formed in the portable recordable medium during the manufacturing process, encrypts a header of 
the encrypted digital contents stored in the portable recordable medium, and records the encrypted 
header on the physical address of the bad sector of the portable recordable medium for preventing 
an illegal copy of the downloaded digital contents through a terminal after the digital contents have 
been downloaded. 

BRIEF DESCMPTION OF THE DRAWINGS 

A more complete appreciation of this invention, and many of the attendant advantages 
thereof, will be readily apparent as the same becomes better understood by reference to the following 
detailed description when considered in conjunction with the accompanying drawings in which like 
reference symbols indicate the same or similar components, wherein: 

Fig. 1 is a block diagram illustrating the overall architecture of an implementation of the 
principles of the present invention; 

Fig. 2 is a block diagram illustrating a registration by an original equipment manufacture of 
a portable device with a certificate authority; 

Fig. 3 is a block diagram showing the registration of [a] Intemet service provider's 
registration with a certificate authority; 

Fig. 4 is a block diagram showing the registration of a personal computer and a portable 
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device with an Internet service provider; 

Fig. 5 is a block diagram showing usage rules governing a database of a right management 

system; 

Fig. 6 is an exemplified format; 

Fig. 7 is a block diagram showing the basic architecture for various inputs; 

Fig. 8 is a block diagram showing control of outsoxirce import; and 

Fig. 9 is a block diagram showing a copy protection system for portable media. 

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 

Hereinafter, [an]a preferred embodiment of the present invention will be described in detail 
with reference to the accompanying drawings. 

[Fig. 1 illustrates the overall architecture.] For the removal of some ambiguities, in this 
section, we define some terminologies and list up some abbreviated words for a simple description 
[(most of them are those commonly used in PDWG)]. 

First, we have to distinguish the two words, "Portability" and 
["Transferabilitv] "Transferabilitv " of a content. 

Portability means that a content in a portable media ( PM) can be played in any portable 
device ( PDV Transferability means that [portabilitv] "portabilitv" plus "upload of a content is 
allowed firom a [PM] portable medium to even [a] an LCM[", in this case the content's uploadability 
is to be controlled by check-in/out system and its transferability status.]^ 

The digital contents which are used in the present invention mean all data including audio. 
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video data, as well as character data such as song words, movie caption, and the like to be provided 
through internet. 

Herein after we use the following abbreviated words. 

CA stands for a [Certificate Authoritv] certificate authority (e.g., secure digital music 
initiative ( SDMR, or other trust third party). LCM stands for a [Licensedj licensed SDMI Compliant 
Module. PD stands for [a]mi SDMI [Compliant Portable Device] compliant portable device . PDFM 
stands for a [Portable Device Functional Modulej portable device fiinctional module . ISP stands for 
an Internet Service Provider (including [Content Providerj content providers via the Internet. PM 
stands for a [Portable Media] portable media (SDMI [Compliant Storage Media] compliant storage 
media) . 

Furthermore, here are presented some notations to be used in the following sections. Even 
though they are some intricate, we are sure that they would help the readers clearly understand the 
concrete method we intend. They are relevant to the algorithmic fiinctional modules. 

[ECC stands for a Elliptic Curve Cryptosystem. PryKey^ , PubKey^ stands for a Private Key 
and Public Key of A (this maybe LCM, PD (optional), ISP, CA, ... ), respectively. CertcA (PubKeyJ 
stands for a Certificate for a Public Key PubKey^ issued by CA. MKp^ stands for the Manufacturer 
Key within a PD. ED^^^ stands for the Indicator of a Manufacturer Key. CKpd.lcm is a secure] 

(AIF) Algorithm Identifying Field: 

(API) Applied Program Interface: 

(CA) Certificate Authoritv: 
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(CCS) Copy Control Status: 
(CDF) Content Description Field: 
(CEK) Content Encryption Key: 

(CertCA (PubKeyA)) Certificate (Data) for PubKeyA issued by CA; 
(CHI) Copyright Holder Information Field: 

(CKpd-lcm) a secure (secrete) channel key which is [setup] set up between PD and LCM[.]i 
(CTC) Copyright. Transfer, Check-in/Check-out: 

(DEC(fev.C)) Symmetric key decryption of a ciphertext C by utilizing a secret key, kev\ 
[EC_ENC(fej;, C) stands for an] 

(ECC) Elliptic Curye base d Cryptosystem: 

(EC DEC) Elliptic Curve Decryption of a ciphertext (encrypted text) [C\ by utilizing a 
private key[, key,]], 

(EC__DH(^,5» [stands for] a random secret value (key) shared between A and B by Elliptic 
Curve based Diffie-Hellman Key Exchanging ProtocoU[. EHC(key, C) stands for a] 

(EC DH(ISPXCM) random secret value (key) shared between ISP and LCM by Elliptic 
Curve (Cryptosystem) based Diffie-Hellman Key Exchanging Protocol; 

(EC-ENC) Elliptic Curve-based Encryption of a content by utilizing a public key: 
(EC_ENC(A:ev. O) Elliptic Curve based Encryption of a ciphertext (encrypted text) C by 
utilizing a private key, kev\ 

(ENC) Symmetric Key Encryption of a content by utilizing a secret key: 

(ENC(A:gv. O Symmetric Key Encryption of a content C by utilizing a secrete key, keyi[. 
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Samsung can support its own] 

(ICL) Import Control Layer: 
(ID ^ ) Identifier of A: 
(IP) Information Provider: 

(ISP) Internet Service Provider including Content Provider via the network: 

(LCM) Licensed SDMI Compliant Module: 

(MKIT) Manufacturer Kev Information Table: 

(MKpd) Manufacturer Kev within a portable device: 

(PCS) Plavback Control Status: 

(PD) SDMI Compliant Portable Device: 

(PDFM) Portable Device Functional Module: 

(PKC) Public Kev Crvptosvstem: 

(PM) Portable Media (SDMI Complaint Storage Media): 

(PrvKevA. PubKevA) Private Kev and Public Kev of A (A mav be LCM. PD, ISP, CA, and 
the like): 

(RMF) Right Management Field: 

(RMS-DB) Right Management Svstem-Data Base: 

(RNG) Random Number Generation Unit: 

(SDMI) Secure Digital Music Initiative: 

(SH) Secret Header: 

(SNAKE) Synmietric Key Encryption [algorithm] Algoritiim, [named "SNAKE", that] whidi 
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is very effective for both [SAV]software and [HAV implementation] hardware implements and [it] 
has been world-wide cryptanalized;[. DEC(key, C) stands for a Symmetric Key Decryption of a 
ciphertext C by utilizing a secrete key, key. Noting] 

(SOD Source Originator Indicator Field: 

(UTD) Update Token Data. 

It should be noted that in the above items the Elliptic Curve based Public Key Cryptosystem 
is just an example as a candidate of Public Key Cryptosystem, and so any public key cryptosystem, 
for example RS A, can be used instead of it. But we suggest that SDMI compliant EMD System 
(Electronic Music Distributing System) adopt the ECC System for the next generation [PDs] portable 
devices , since ECC can be efficiently implemented in such small devices with low cost. 

Also, an internet service provider includes a content provider as well as an information 
provider via network. A personal computer or an LCM is examples as a candidate of the first content 
output unit. A portable device such as MP3 is an example of a second content output xmit. A portable 
medium is a jgeneral recording medium including smart media. 

FIG. 1 is a schematic view for explaining a svstem for preventing an illegal copv of digital 
contents according to an embodiment of the present invention. 

A certificate authority 110 generates a first table having the manufacturer kev and the 
manufacturer kev data, and a second table having an identifier (ID) of the portable device 150. a 
token. T. and the information (ENCfMK p p. T)) of the token encrvpted bv the manufacturing kev. 
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That is. the certificate authority 110 generates the manufacturer key, MK p p, and its certificate data, 
Cert(MK p p), in accordance with a first registration request signal 1 2 1 inputted fi"om a manufacturer 
120 of portable devices 1 50, and outputs a manufacturer key and a manufacturer key data to the 
manufacturer 120. 

The manufacturer 1 20 of the portable devices 150 outputs the registration request signal 1 2 1 
to the certificate authority 110 and receives the manufacturer key and the manufacturer key data 
generated by certificate authority 1 10 in accordance with the first registration request signal 121 . 

An internet service provider (ISP) 130 including a content provider via the intemet outputs 
a request signal 1 3 1 to the certificate authority 110, receives a pair of keys and the certificate of the 
key which are generated in the certificate authority 1 1 0 in response to the registration request signal 
13 1 of the ISP, and the second table fi-om the certificate authority 110. 

A licensed SDMI (secure digital music initiative) compliant module (LCM) 140 as a first 
content output unit outputs a registration request signal 141 to the intemet service provider 130 in 
order to receive the digital contents, receives the public key and the data of the public key generated 
in response to the request signal 141, bypasses the data of the manufacturing key of the portable 
device 1 50 to the ISP 130. and encodes and outputs the manufacturer key detected firom the second 
table in response to the manufacturer key data. 

The portable device 1 50 as a second content output unit stores the manufacturer key and the 
manufacturer key data transferred fi-om the certificate authority 1 10, outputs its manufacturer key 
to the intemet service provider 130 through the LCM 140, and receives the manufacturer key data 
of the second table, which is encrypted, supplied from the LCM in order to judge if the stored 
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manufacturer key is authenticated. 

The first table, as shown in FIG. 2, contains the manufacturer key data fCertfMK p^ .)), the 
manufacturer key (MK p p), and an identifier (ID j^^ ) corresponding to the manufacturer key data and 
the manufacturer key, and is stored in only the certificate authority 1 1 0. Further, the second table is 
generated fi:om the certificate authority 110 and outputted to the internet service provider 130, and 
contains the identifierdP ^^^ ), data (ENC(MK p p, T)), and a token(T) which is encoded bv the 
manufacturing key. 

At this time, the certificate authority 110 forms a first channel key(k) which can be shared 
with the internet service provider 1 3 0 in accordance with the registration request signal 131 inputted 
fi'om the intemet service provider 130, and outputs the first authentication qualification key and the 
first authentication qualification key data 111 which are encoded into the intemet service provider 
130 through a secret channel formed by the first channel kevflc). 

The first channel key is a key generated firom encryption of the certificate authority 1 10 by 
using the data which the intemet service provider 130 has. 

Here, we present the minimum substances (algorithms) that are needed for the insurance of 
the security of the LCM and [PD] the portable device . It is assumed that the content compressing and 
decompressing CODECs are built in each device in either [S AV /-form] software-form or [HAV- 
form] hardware-form . 

For the LCM 

Public Key Cryptosystem (PKC), such as ECC, RSA, ... (ECC is more preferable), is to be 
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used for the secure key setup of LCM, the validity check of ISP*s Public Key Certificate, and the 
secure channel construction between ISP and LCM. Symmetric Key Encryption Algorithm, such 
as SNAKE, is to be used for the content encryption, the authentication to a [PD] portable device, and 
the secure channel construction between LCM and [PDJ the portable device . [Secure Chek-in/Chek- 
out System to be presented in section 6, 7 howJHow to construct [this systemj the secure check-in/out 
and how to securely maintain i t are presented in FIGS. 5 and 6 . 

For the [PD]portable device 

Public Key Cryptosystem (PKC) is [an] optional to [PD] the portable device 150 . Symmetric 
Key Encryption Algorithm, such as SNAKE, is to be used for the content encryption, the 
authentication to [ajtiie LCM, and the secure channel construction between [PD] the portable device 
and the LCM. [Manufacturer Kev] The manufacturer kev , MKp^, which is the pre-set manufacturer 
key in a temper resistant area within the [PD] portable device , is to be used for the secure registration 
of a [PD] portable device to LCM. 

For the [PM] portable medixmi 

There needs an apparatus or a pre-set special information within a [PM] portable medium to 
protect contents in it fi'om the dead-copy to another [PM] portable medium . It is desirable, we think, 
to use the imique ID based approach, that is the method that the manufactures of [PM imbed] portable 
media embed a unique ID of each [PMJ portable medium in the write-protected area of it while they 
manufacture it. This can be considered as a [low cost] low-cost method to dead-copy protection for 
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[There] Regarding the initiation mechanism of the present invention, there are four 
registration mechanisms relative to ISPs, LCMs, and [Pds.] PDs. The four registration mechanisms 
include the registrations of the portable device manufacturers to the certificate authority, of ISP to 
the certificate authoritv, of LCM to ISP and of the portable device to LCM. and of multiple LCMs 
or multiple PDs. The manufactures* registration to [CA] the certificate authoritv precedes [is preceded 
ahead] all the others. 

[Prior to manufacturing PD,] 

The registration of the portable device manufacturer 120 to the certificate authoritv 1 10 is 
illustrated in FIG. 2. 

When the [manufacturers should register to C A to get their manufacturer key, MKpo, and its 
certificate, CertcACD^Mjc). and then produce the SDMI Compliant Portable Devices by using them. 
Where such registered manufacturer keys are securely stored in CA's DB and only CA maintains the 
information. The manufacturer should keep their manufacturer-key and its certificate in safe, 
maintains the securely, and imbed them in a temper resistant area of PDs while he manufactures 
PDS.] 

[hi Fig. 2, when a manufacturer request] manufacturer 120 requests its registration to [C A] the 
certificate authoritv 110 . [CA] the certificate authoritv 110 certifies it and then generates a 
manufacturer key, MKp^ and makeits certificate data, [CertCA] Certe A([ID^^1MKpp). to deliver them 
to the manufacturer 120. At the same time [CA] . the certificate authoritv 110 generates a random 
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token, T, to make (or update) [the Manufacturer Key Information Tablel a manufacturer kev 
information table (MKIT) for [the otherjan ISP-registration. Once after [a]ttie manufacturer [got] 120 
gets the data, {MRp^, CertcA([IDMK]MKpD)}, Fhe/shel the manufacturer 120 can [manufactures 
PDslmanufacture the p ortable devices by imbedding those secrete data within a temper resistant area 
of [PDs.l the portable devices. 

Therefore, the portable devices 150 manufactured by the manufacturer 120 are authorized 
by the ce rtificate authority 1 10 to store the downloaded, encrypted digital contents. 

Fig. 3 shows how for [an]tiie ISP 130 to register to fCAI the certificate authority 1 10 and 
what information to get fi-om FCAI the certificate authority 1 10 . For [an]tfie ISP 130 to register to 
rCAI the certificate authority 110 . firstly it generates its ephemeral private-public key pair 
(PrvKeyeph, PubKey^p J to open a secure channel between fCAI the certificate authority and itself by 
EC_DH([CA, ISP). Secondly the ISPI Certificate authority, ISP) and provide a safe way to 
communic ate each other without allowing an illegal copy of the downloaded information through 
the channel. Secondly, a pair of kevs and kev data { PrvKeV j-p PubKeV j^p CerteAfPubKev igp ) } are 
generated and stored in the certificate authority 1 10, and two tables are formed in dependence with 
the manufacture kev. T he certificate authority 1 1 0 encrypts and transmits the encrypted kev and kev 
data to int emet service provider 130 through the channel in order to co-own the key and key data. 
The ISP 130 gets its semi-permanent private-public key pair {PrvKey,sp, CertcA(PubKeyisp)} and 
[MKIT1 the manufacturer key infomiation table data [appeared these proceduresl through the security 
channel . Noting that ISP*s [Key Pairl kev pair should be securely stored, where the host's various 
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system parameters may be used for this goal. 

[ Relating to Fig. 4, the abbreviations stand for as follows. EC_DH(ISP,LCM) represents a 
random secret value (key) shared between ISP and LCM by Elliptic Curve (Elliptic Curve 
Cryptosystem) based Diffie-Hellman Key Exchanging Protocol. ENC stands for synmietric Key 
Encryption of a content by utilizing a secret key. DEC stands for symmetric Key Decryption of a 
ciphertext by utilizing a secret key. EC-ENC stands for Elliptic Curve Encryption of a content by 
utilizing a public key. The Encryption is the ElGamal-like public key encryption process. EC_DEC 
stands for Elliptic Curve Decryption of a ciphertext (encrypted text) by utilizing a private key, ISP 
means an Internet service provider including a content provider via the Internet. LCM means a 
licensed SEMI (secure digital music initiative) compliant module, such as a personal computer.] 

The LCM registration mechanism to an ISP together with [PD] the portable device 
registration is described. As in Fig. 4, LCM gets the ISP's Public Key Information {PubKeyjsp, 
CertcA(PubKeyisp)} at first and verifies its validity by using the CA*s [Public Kevj public key 
Information which was already announced or preset within the LCM in a code-imbedded-like 
method. If the validity of the certificate for the ISP's [PubUc Kev] public key is certified, the LCM 
140 executes the handshaking protocol to get an ephemeral shared key by utilizing Elliptic Curve 
based (or other PKC based) Key Exchanging Protocol. Through this secure channel, the ISP can 
deliver in safe the LCM's permanent private-public key pair for a static secure communication and 
a secure content transaction between the LCM and the ISP. [For a PD to register to the LCM, it has 
to toss] 

When a request sienal 151 is transmitted fi-om the potable device 150 to the LCM 140, the 
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portable device 150 tosses the certificate data for its ID of [manufacturer key and the LCM gets this 
data from the PD to send this to its connected ISP in the encrypted form, EC_ENC(PubKeyisp^ 
CertcA(IDMK)). 

Using this, the ISP can verify] the manufacturer key to the LCM 140. The LCM 140 sends 
them to its connected ISP 130 in the encrypted form, EC ENCfPubKev igp Cert^^dD^^)). 

The internet service provider 130 decrypts the encrypted information and [can extract its 
relevant data, T*||T by looking up MKIP in ISP*s DB t transfer it to the LCM in secure manner, te. 
by EC_ENC(PubKeyLci^, T*||T). For the LCM and the PD] compares the decrypted information with 
the information of the second table. If the decrypted information is identical to the information of 
the second table, the intemet service provider 130 encrypts the content of the table and transmits it 
to the LCM 140 in a secure manner. The LCM 140 decrypts the encrypted information to obtain the 
information of the token. For the LCM 140 and the portable device 140 to [setup] setup a shared 
secret key and to complete the [PD] portable device registration, the LCM 140 randomly generates 
their static and secret channel key^ CKpp ^^^j^ . and encrypts and sends ENC(T,CKpd.lcm)I|T*. Upon 
receiving [this]these data, the [PD] portable device 140 can extract the token value T from T* by 
using the manufacturer key and, by using this token^^ the [PD] portable device 140 can also compute 
CKpp ^ nj.^ and store it . As the [PD] portable device 140 securely stores this channel key^ the [PD- 
registration] portable device registration is finished. The [Channel Key] channel key. CKpi;y.i^j^i may 
be originated fi-om [PD] portable device 150 instead of LCM 140 . In this case the [PD] portable 
device 150 receives the data T* fi-om the LCM and gets the token T by decrypting T* with its 
manufacturer key. And then the [PD] Portable device generates a random channel key CKj>^^^ to 
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Upload ENC(T, CKp^y^^) to LCM. The part of the record in the manufacturer key information table 
(MKIT [(in] ) of the LCMQ] 140 stays in encrypted form by using the LCM*s secret key (this key may 
be LCM's [Public Keyj public key V In practice, during the [PDj portable device 150 registration to 
[LCMJ the [RMS-DB updating] LCM 140, an update token data (UTD or update token data) of 
Right Management System-Data Base (RMS-DB) should be transferred from the [PDJ portable 
device 150 to the LCM 140 (or from the LCM 140 to [PD] the portable device 150) together with 
CKpi^Lc^^ and be set both in the RMS-DB and in the [PD.] portable device. Therefore, all the units 
and terminals in this system are authorized to transmit and receive the encrypted digital contents 
between the units and terminals. 

As shown in FIG. L the architecture and the file format of the present invention can allow 
users to register their own limited number of LCMs or PDs. The number may be limited by ISP or 
by the certificate authority. To register a plurality of [LCM's]jLCMs, since ISP maintains the private- 
public key pair of the firstly registered LCM of a user's multiple LCM*s, ISP can securely deliver the 
same key pair to another LCM of the user. To register a plurality of [PD's] portable devices , LCM 
securely maintains the secret channel key between the LCM and [PD] the portable device , the LCM 
can securely deliver the same key pair to another [PDJ portable device of the user in the same manner 
depicted in Fig. 4. 

Fig. 5 shows exemplified implementation for the management rule of RMS-DB when a 
content downloading occurs. 
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To manage the information CTC= {Copyright, Transfer, Check-in/Check-out } , theLCM [has 
to maintain] 140 maintains the Right Management System [DB] Database 143 . named RMS-DB in 
a secure manner. The Right Management System is described, focusing on the content transaction 
between LCM 140 and the portable device 150. 

The RMS-database contains an update token data area 1 43 a. a tide. CTC (copyright, transfer, 
check-in/check-out) field 143b. a playback control status data area 143c. rand PP. TheRMS-DB 
consists of the Title (or Title-ID), CTC field, Playback Control Status (PCS : the permitted times to 
play, the amnesty period, ...) and Update Token Data (UTD). This DB stays in LCM in the 
encrypted form by utilizing LCM's secret key. An important characteristic of the Update Token Data 
(UTD) is that it is generated fi-om PD whenever any content downloading or uploading session 
between PD and LCM occurs and that it is also stored in the PD.] 

[Whenever a content is played back at first in LCM, the above right management information 
of the content's file format is newly registered to the RMS-DB. Once a content is registered to the 
RMS-DB, every playback procedure should priory reference to the DB to check the content's 
validation. The following Fig. 5 shows exemplified implementation for the management rule of 
RMS-DB when a content downloading occurs.] 

The part of the record in RMS-DB (in LCM) stays in encrypted form by using the LCM's 
secret key [(this key may be] such as CKpd.lcm[)]- Th® UTD pa rt 143a may have a few number of 
Updating Token Data depending on the number of a user's own PD's. 

[Noting the part of the record in RMS-DB (in CLM) stays in encrypted form by using the LCM's 
secrete key (this key may be CKp^ clm)-] 
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[Noting that the RMS-DB may maintain a finite number of UTDs depending on the limited 
number of user's own PDs which were already registered to the LCM.] 

The most important area in the database is the update token area 143a. and the update token 
area 1 43a has different values when the update token area 1 43a downloads a digital content from the 
LCM 140 to the portable device 1 50, or uploads the digital content from the portable device 1 50 to 
the LCM 140. At this time, the update token is transmitted to the LCM 140 through the portable 
device 150 to update the stored token in the LCM 140. 

A portable device import control [PD Import Control] is a layer existing in the LCM 140 to 
import contents ( SDMI Comphant contents from ISPs or [to import] non-SDMI Compliant 
outsource contents ([,]e.g. RedBook CDS, DVD, ...)). Therefore^ this [should contain three of| laver 
contains the followin g three capabilities. One is [Trans-Coding] trans-coding to make [PDjthe 
portable device decompress the input with its CODEC. Second is [Trans-Encrypting] trans- 
encrvpting to make [PD] the portable device decrypt the input with its [Encryption System] encrvption 
svstem . Third is to converting the input to SDMI Compliant the format. 

[PD Interface has two capabilities; Authenticating to PD and opening a secure channel 
between LCM and PD.] 

[ISP Literface has two capabilities; Authenticating to PD and opening a secure channel 
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between LCM and PD.] 

Functional Components in PDFM has LCM Interface and Import Control within PDFM.] 

A portable device interface has two capabilities: authenticating to the portable device and 
opening a secure channel between LCM and the portable device. 

An ISP interface has two capabilities: authenticating to the portable device and opening a 
secure channel between LCM and the portable device. 

Functional components in the portable device include an LCM interface and an import 
control within the portable device. The LCM interface has two capabilities; authenticating 
[Authenticating] to LCM and opening a secure channel between [PD] the portable device and LCM. 

The Import Control within [PDFM] the portable device has the capability to import an outside 
analog input and to make it fit to the SDMI [Compliant] compliant file format. Where the converted 
SDMI [Compliant] compliant content should have the binding information to the [PD] portable device 
150 to be played only via the [PD] portable device . 

[The SEMI-Compliant file format should contain the following information and should allow 
extendibility and flexibility:] 
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FIG. 6 shows an exemplified file format. As shown in FIG. 6, the SDMI compliant file 
contains a plain header 610. a secret header 620. and a file body 630. The plain header 610 
comprises a title-ID 61 L a content description field (CDF) 612. and an algorithm identifying field 
(AIF) 613. The secret header 620 contains a device-ID 62 1 . a source originator indicator field (SOD 
622. a copyright holder information field (CHI) 623.a right management field (RMF) 624. and a 
content encryption key 625. The file body 630 contains a symmetric key encryption of Content by 
utilizing a secret key (ENCflc. Content)). 

The brief descriptions of the fields are as follows: 

-Indication of Source Originator-ISP< LCM (CD-ripping, Audio input)< [PD] Portable 
device (Analog input), Kiosk, ... 

--Device [IDentifier-LCM ID] identifier-LCM ID. PD ID. PM ID 
-Algorithm [Information] Identifying Field 

-Authentication secret sharing an algorithm identifier-EC (Elliptic Curve)-Signature, 

EC-DH, ... 

-Encryption algorithm identifier 
-Codec algorithm identifier-MP3, AAC, ... 
-Encryption key information of content 
-Right Management Field 

Right management field contains the Copy, Check-In/Out, Transfer and Playback 
Control Status, which are to be encrypted by secret key of the device. 
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~Copy-Never/Copy-Free/N o-More-Copy mode 
~Check-In/Out mode 
-Transfer mode (Transferable or not) 
-Playback control information 

—Allowable number of times to be played (imlimited or n-times) 

—Expiration date 

—Amnesty period 
"Copyright holder information 

-Content description field— Title, Composer, Artist, Record-label, ... 
[See Fig 6 for an exemplified file format. Dividing the above file format into the following 
three parts:] 

[-Plain-Header (PH) - {Title-ID, CDF, AIF}] 

[-Secret Header (SH) - {Device-ID, SOI, CHI, RMF, Content Encryption Key}] 
[-File Body (FB) - {The Encrypted Content by using the content encryption key in SH}.] 

The rules to transfer contents securely over ISP-LCM-PD-PM [is foUowingj are as follows . 



When [an]the ISP receives^ content downloading request from [a]the LCM, it confirms the 
LCM's ID and then downloads the content with the file format of [section 7] FIG. 6 to the LCM. For 
the LCM to play the reached content, it follows the following steps in this order. First, [finding]the 
LCM finds out the encryption algorithm from the [field AIF in PH. Second.] AIF 613 in the plain 
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header 610. Second, the fields in the secret header 620 are recovered by using the found out 
encryption algorithm and LCM*s secrete key (private key) [to recover the fields in SH]. Third, 
[comparing] the [Device- JD] Device-ID field 621 is compared with [its ID. Fourth, fi'om the RMF 
information confirming the Copy Control Status, Playback Control Status, and Transfer Control 
Status to register it to its RMS-DB. Fifth, recovering the] the ID of the LCM to check if there is 
correspondence between the two. In the case of correspondence, the copv control status from the 
RMF data, the playback control status, and the transfer control status are identified to register them 
in the database(RMS-DB) which the LCM 140 has. 

After the above process is performed, the digital content encryption key [from CEK to 
recover the real content from FB.] is extracted by using a CEK field, and the encoded digital content 
is interpreted by using the encryption key. If any of these lists [does]is not [violatej violated . 
[playing] the musi c can be played . 

If it is needed to modify the RMF [field]624, especially the Playback Control Status (PCS), 
the LCM 140 has [o replacel to update the data both in the file and in the RMS-DB following the 
controlling direction. 

In the case of changing the RMF 624 of the file formats, in particular the playback control 
status, the LCM 1 40 replaces the playback control state data in two places of the database(RMS-DB) 
and the file format with desired data. 

The procedure for [a]the LCM 140 to download [a]the content to its [PD isl portable device 
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150 includes the following steps. First, the LCM 140 requests the PD-ID and UTD [data] to the 
rPDl portable device 150 . Second, [PDl the portable device 1 50 sends the ENC (CKpo.LCM> UTD II 
PD-ID) to the LCMi40. Third, the LCMi40 recovers the PD-ID and confirms it Fourth, the LCM 
140 recovers the UTD and [SH partl the fields in the secret header 620 and compares them with those 
in its RMS-DB. If UTD is correct and if any alternation of RMF is needed, the LCM updates the 
contents of RMF both in RMS-DB and in the file format. Fifth, the LCM 140 updates UTD of 
RMS-DB [by] with newly generated UTD^ and ENC (CKpi>.lcm,utd*) [IS TO BE SENT TO THE pd. 
Sixth, if the Transfer Control Status indicates as "Transfer" then replace it by "Transferred" to the 
Transfer Control Status filed in RMS-DB not in the file format. Where] is to be sent to the Portable 
device. Sixth, where the Transfer Control Status field has the three types, "Transfer", "Transferred", 
and "Transfer-non" and the Transfer Control Status in RMS-DB indicates as "Transfer", "Transfer" 
is replaced with "Transferred" in the Transfer Control Status filed in RMS-DB. but not in the file 
format . Seventh, if the Copy Control Status (CCS) indicates "Check-in", [then replace it]it is 
replaced by "Check-out" [to]in the Copy Control Status field both in RMS-DB and in the file format. 
Eighth, if the Copy Control Status (CCS) indicates "Copy-Never", the content downloading to [a 
PDI the portable device is denied. If any of the above lists [does]is not [violate] violated , 
[downloading] the content to the portable device is downloade. [PD complete.] 

[For contents transaction firom PD to PM, in case that imique ID of each PM exists, for a PD 
to write a content on a PM, it just writes the content on the PM and it recovers the Secret Header 
(SH) and re-encrypts it by using the xmique ID of the PM as an encryption key. For the case that a 
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unique ID of each PM does not exist, fora PD to write a content on a PM, it just writes the content 
on the PM and it recovers the Secret Header (SH) and re-encrypts it by using a portable device is 
downloaded.] 

Hereinafter the process of the digital contents between the portable device 150 and the 
portable recording medium 160 as a content storage medium for preventing an illegal copv in 
downloading the digital content, which the portable device has, to the portable medium 160 is 
explained. 

Firstly, if there is its owned ID in the portable medium 1 60. the portable device 150 records 
the digital contents which are encrypted bv using the ID. 

Secondly, if there is its owned ID in the portable medium 160. the portable device 140 
records the digital contents which are encrypted by using randomly generated key. 

[Where the] The randomly generated key[, say] T[ J is encrypted by using a [common 
secrete] kev. S. of the general secret key[, S (this] which is [a present value] predetermined by the 
rmanufacture] manufacturer 120 of the [PD), and] portable device 150. 

The encrypted T is [also written] recorded on [a]tiie hidden area of the [PM] portable 
medium . 

[For] Where there is its own ID in the [first case of the section 8.3] portable medium 160 . all 
contents within the [PM] portable medium can be played by all [PDS] the portable devices , but, [for 
the second case] where there is not its own ID . all contents within the [PM] portable medium 160 can 
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be played only by the [PDS] portable devices produced by the manufacturers which adopted this 
system, [Any way] Anyway it is certain that this system can support the portability of contents via 
rPMs] the portable media . 

As previously we defined [in section 3], the "Transferability" is a different concept fi^om the 
"Portability" of a content. The main difference is that the content with "Transferability" can be not 
only played in any [PDS] portable devices but also uploaded to any LCMs, but not in the case of 
"Portability". Since [our] the present system has and manages the Transfer Control Status field both 
in the RMS-DB and in the file format, [outj the present system can support the transferability of 
[a]the content. If there is marked "Transfer" in the field of a content and if the content is just 
downloaded to f PD] the portable device , then the LCM downloads it to the [PDJ portable device and 
replaces "Transfer" by "Transferred" in the relevant field of RMS-DB. Then the content, which has 
been downloaded to [a PD] the portable device , can no longer be played in the LCM until it is 
uploaded to the LCM again, but the downloaded content in [a PM] the portable medium 1 60 can be 
played by any [PDS] portable device and can be uploaded to another LCM via [a PD] the portable 
device . 

.If the Copy Control Status (CCS) of a content contained in a [PM] portable medium indicates 
"Copy-Free", the content can be uploaded to any LCMs. 

[As shown in Fig 7, various inputs such as originated fi'om Redbook CD, Audio CD, Super 
Audio] Further, various input devices are additionally connected to the LCM 140 and the portable 
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device 150 applied to the present invention, and such input devices are shown in detail in FIG. 7. 

The input devices which can be additionallv connected to the LCM 140 and the portable 
device 150 can be CD such as RedBook CD. audio CD. super audio CD, DVD Disk, and analog 
[Device are all allowable to LCM optionally. An analog] input [to PD is also allowable. The secure 
import control for those several inputs to LCM or to PD is presented in the next subsections. 
L and the like. 

The audio signal inputted through the input devices is inputted to the LCM 1 40. and encoded 
according to a system supported in the present invention, and then transmitted to the portable device 
150. or transmitted to the portable medium 160 to be reproduced through the portable device 150. 

The kiosk 170 generates a registration request signal for selling an encoded digital content 
by the internet service provider 130 through the LCM 140. Therefore, the internet service provider 
130 provides to the kiosk 170 the portable medium 160 having digital contents encoded bv the 
system supported in the present invention according to the registration request signal, and the kiosk 
receives fees from users and transmits the digital contents stored in the portable medium 160. Kiosk 
1 70 is a store or vending machine selling a recording medium or digital content which is reproduced 
in this system. Machine on Kiosk is regarded as a personal computer having an interface of the 
digital content portable medium 1 60. The recording medium interface can be used bv anyone having 
a supply agreement with an intellectual property right owner or the digital internet service provider. 

FIG. 8 is a view for showing an output source of Fig. 7 capable of being additionally 
connected to the embodiment of the present invention. 
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As shown in Fig 8, the [host device] LCM 140 , in which the LCM module exists, has at least 
the following three layers (two of these exist in the LCM module): 

r-Authenticatedl Authenticated Input [API-This API] API 810 has the roles [that 
confirmsl of confirming the validity of the input [ ]and [extracts] extracting some required 
information to convert the input into a SEMI Compliant format. 
[--Validity Check] 

f — If| With respect to the role of confirming the validity of the input, if the 
input data [has]have a watermark, then this API should be able to detect it.[ 

[-]If the input data [takes] take an encrypted (or scrambled) form, then this 
API should be able to extract its encryption key and the encryption (or 
scrambling) algorithm. 

[--If] If the input data [does]do not take any protected form, then the API 
should confirm the validity of written format of the media containing the 
input data. The API checks if an input device and data inputted fi-om the input 
device are suitable for the svstem and transmits the following data to the 
import control layer 820. 
["Required] The required data for the API to pass over to the Import Control Layer[.] are as 
follows: 

-Information of the media (source) type- Audio CD, DVD Audio, ... 
"Information of the originator of the input content 
-Information of the content-Title, if any. Player, Artist, ... 
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—Information of the encryption algorithm if any 
—Information of the encryption key if any. 
[-PD Import Control-ThisJThe Import Control Laye r 820 gets a bundle of information 
from the Authenticated Input API and reconstructs the input content to meet a SEMI 
Compliant file format by following the rules listed below: 

-Copy Control Status-mark "Copy-Never" or "Check-in/Check-out" (optionally) 
—Playback Control Status— mark "Times to playback = infinite or N" (N: optional) 
—Transfer Control Status-mark "Transfer-Non" 

-Mark the "LCM-ID" into the SOI field and Device-ID field of SH (Secret Header) 
—If the input content is not encrypted, [then generate] a random key is generated and 
[encrypt it] encrypts the input content by the random key. 

—If the input content takes an encrypted form by other encryption algorithm different 
from the PD*s, then this layer trans-encrypts the content to be played in the 
[PD] portable device . 

[-Public-Key-Encrypt such made] -The secret header par t is encrypted by LCM's 

public key. 

[-PD Interface-Thisl The PD Interface layer 830 authenticates the connected [PDI portable 
device 150 by checking whether the [PD] portable device 150 has [ ]its correct ID and the secret 
channel key^ CKpo^LCM- [Where the]The Kerberos Authentication [ ]Protocol may be used (refer to: 
A.J. Menezes, P.C. Oorschot, and S. A. Vanstone, Handbook [ ]of Applied Cryptography, pp. 
401-403, CRC Press, 1996). 
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The Import Control Layer (flLC HCU 860 within the fPOFMI portable device 150 makes a 
SEMI Compliant compressed digital content from the analog input by following the rules listed 
below: 

"Upon reception of each frame of the analog input, the ICL [does encoding] encodes the 
frame and [does encrypting it] by a randomly generated key. If all the frames [has]have been 
encrypted [follow]^the next steps are followed . 

["Copy Control StatuS"mark] -The copy control status is marked as "Copy-Never" or 
"Check-in/Check-out" (optionally)^ 

[—Playback Control StatuS"mark] -The playback control status is marked as "Times to 
playback-infinite or N" (N: optional). 

[—Transfer Control Status-mark] -The transfer control status is marked as "Transfer-Non". 

["Mark the "PD-ID"1 -The "PD-ID" is marked into the SOI field and [Device-ID] Devide-ID 
field of [SH (Secret Header)] the secret header. 

[—Encrypt such made] -The portable device encrypts the secret header part by [PD's]the 
portable device's channel key. 

If [such]the converted SEMI Compliant content from the analog input has its SOI field 622 
of [SH (]tiie.Secret Header[)] with marked "PD-ID", then the procedure of writing the content on a 
[PM] portable medixmi does not use the unique ID of the [PM"This] portable medium. This means 
that such content as made from an analog input to a [PD] portable device is not allowed to have the 
"Portability". 
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[An example for the "Kiosk" may be a shop or a machine that makes a bimdle of SDMI 
CompHant contents into PMs from CD-Ripping, etc. and sells them. Here we regard such Kiosk-like 
machine as a special LCM with PM-Interface that has a special contraction with some ISPs and 
groups of copyright holders. Hence, to make a SDMI Compliant PMs from other physical media, 
the Kiosk-like machine follows the same routines as described in section 9.1 and 8.3.] 

[In this article we proposed a secure copy protection mechanism for the Internet based MOD 
Services. One of our proprietary modules is relevant to the use of and management of MKIT table 
appeared in the PD registration procedxire. Another one is relevant to the construction of secure 
Check-in/Check-out system which securely maintains the contents downloading/uploading between 
LCM and PD.] 

[SAMSUNG Copv Protection Scheme for Portable Media] 

[Referring to Unique ED, ID (Optional feature), PM] Hereinafter. the copyprotection scheme 
for portable media is described. 

The portable medium may optionally support unique ID for first Generation [PM] portable 
media . If [Uniquej the unique ED is not supported, [Phvsical] the physical address of a.bad sector of 
[PM] the portable medium is used instead. If imique ID is supported, it should be one-time writeable 
during the manufacturing stage only, and readable only by [PD] the portable device with a special 
command. 
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[Referring to Channel key, CK, CK is a shared key between LCM and PD. To support 
portability, CK is not considered as input to function f(). If CK is included, it provides additional 
security to the content stored in PM. CK may take various forms depending on the application usage 
and right management rules.] 

[Referring to Address of Bad Sector of Portable Media, P, the usage of P prevents the 
playback of illegally copied content from PM to PM by simple "dead-copy".] 

[Referring to Spared Area, a special command known only to the manufacturer needs to be 
known to access this area.] 

The copv protection system for the portable media is shown in FIG. 9. 

First, the portable device 1 50 and the LCM 140 share a channel key to form a secure channel 
between them. 

The portable device 150 receives as inputs and function processes a physical address of a bad 
sector of the portable medium 1 60, a random number, and a secret channele key which is transmitted 
from the LCM 140 and stored in the LCM 140. With the processed value, the portable device 1 50 
encrypts a header of the digital contents and transmits it 1 60. Hash function or one way function can 
be used for the function process. At this time, what generates the key for encryption is the function 
process means 149. 

Function process means 149 receives as an input the physical address of the bad sector 
transmitted from the portable medium 160 and receives as an input the random number through the 
random number generating means (RNG1 159. The random number is also transmitted and stored 
in a spare area of the portable medium 160. 
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The portable medium 1 60 transmits the physical address of the bad sector, stores a random 
nmnber generated in the portable device 150 as an input in the spare area, and stores as sector data 
the encrypted header information encrypted bv the processed value and the encrypted di gital content 
. inputted through the portable device 150. 

[BRIEF DESCRIPTION OF THE DRAWINGS] 

[FIG. 1 is a schematic view for explaining a system for preventing an illegal copy of 
according to an embodiment of the present invention;] 

[FIGs. 2-5 are views for briefly explaining registration requests or] 

[FIG. 6 is a view for showing an example of a file format which is supported by the 
embodiment of the present invention;] 

[FIG. 7 is a block diagram for showing an output source of digital content processes in a 
content storage unit of the embodiment of the present invention;] 

[FIG. 8 is a view for showing an output source capable of being additionally connected to 
the embodiment of the present invention.] 

[Explanation reference number in drawings] 

[10 : authorization recognition means] 
[20 : record/reproduction supply means] 
[30 : content supply unit] 
[40 : PC] 
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[50 : portable record/reproduction means] 
[60 : recording medium] 

[DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

SUMMARY OF THE INVENTION FIELD OF THE INVENTION AND DESCRffTION OF 

PRIOR ART] 

[The present invention relates to a system for preventing an illegal copy of digital contents, 
and more particularly to a system for preventing an illegal copy of digital contents which forms 
secret channels between all the systems connected to users and exchanges contents through the 
formed secret channels in order to prevent digital contents from an illegal copy.] 

[In recent years, commxmication environment has rapidly been developed , and each 
individual can assess a lot of information by using PC with various types of communication 
equipment.] 

[Therefore, there are digital content suppliers who intend to provide much more digital data 
to the above first content output imits, and the digital content suppliers provide users with digital 
contents which are document information or audio files such as MP3.] 

[The digital content suppliers require that some fee should be payed in supply of the digital 
contents.] 

[In the prior art, however, it is difficult to prevent the illegal copy of the supplied digital 
contents after the digital contents has been supplied to a user.] 



-73- 



PATENT 
P55690 

[The present invention relates to a system having a portable recx)rdable medium for 
preventing an illegal copy of digital contents, and more particularly to a system having a portable 
recordable medixim by using a physical address of bad sector formed the portable recordable 
medium during manufacturing process of the portable recordable medium and by encrypting a header 
of the encrypted digital contents stored in the portable recordable medium and recording the 
encrypted header on a physical address of bad sector of the portable recordable mediimi. The 
physical address of bad sector is formed on the portable recordable medium during manufacturing 
process of the portable recordable mediimi. This is for preventing an illegal copy of the downloaded 
digital contents through a terminal after the digital contents has been downloaded.] 

[In recent years, communication environment has rapidly been developed , and each 
individual can assess a lot of information by using PC with various types of conmiunication 
equipment or first contents output imit such as internet appliance, PC, PDA, Web Phone, Mobile 
Phoen,etc.] 

[Therefore, there are digital content suppliers who intend to provide much more digital data 
to the above mentioned first content output units, and the digital content suppliers provide users with 
digital contents which are document information, video information, song words, character display 
such as movie caption, or audio files such as MP3, Aac, G2, etc. Various types of codec provided 
by this invention can be downloaded and recorded in a portable medium which can be played on a 
portable medium player or a portable medium terminal.] 

It is optional to encrvpt the header of the digital content by fiinction processing after 
receiving all of the commonly owned key, random number, and the physical address of the bad 
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sector or one of the commonly owned key, random numben and the physical address of the bad 
sector. 

The digital content can be downloaded to the portable medium 160 through the portable 
device 150 or directly from the LCM 140, 

[However, it is difficult to prevent the illegal copy of the supplied digital contents or the 
codec recorded on the portable medixim if the portable medium is coped after the digital contents has 
been supplied to a user and recorded on the portable medixim.] 

[At this time, the digital contents which are used in the present invention mean all data 
including audio, video data, as well as character data such as song words, movie caption, and the like 
to be provided through internet.] 

[In particular, the MP3 which is the audio data of the above digital contents is downloaded 
to the first content output unit as well as the second content output unit such as an MP3 player and 
then reproduced.] 

[In the meantime, the MP3 is downloaded to a content storage unit such as a smartmedia card 
built in the first content output unit, and the MPS downloaded in the content storage unit is 
reproduced through the second content output unit.] 

[However, as stated above, there is a drawback in that digital data downloaded to the first 
and second content output imits and the content storage unit is easily copied to be illegally 
distributed] 
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[TECHNICAL OBJECT OF THE INVENTION] 

[This invention provides a system for preventing an illegal copy of digital contents which is 
downloaded and uploaded the digital contents. The system forms secret channels between all the 
systems connected to users and exchanges contents through the formed secret channels in order to 
prevent digital contents from an illegal copy.] 

[The present invention provides a system having a portable recordable medium for 
preventing an illegal copy of digital contents, and more particularly to a system having a portable 
recordable medium by using a physical address of bad sector formed the portable recordable 
medium during manufacturing process of the portable recordable medium and by encrypting a header 
of the encrypted digital contents stored in the portable recordable medium and recording the 
encrypted header on a physical address of bad sector of the portable recordable medium. The 
physical address of bad sector is formed on the portable recordable medium during manufacturing 
process of the portable recordable medium. This is for preventing an illegal copy of the downloaded 
digital contents through a terminal after the digital contents has been downloaded.] 

[SUMMARY OF THE INVENTION AND DETAILED DESCRIPTION OF THE 
PREFERRED EMBODIMENT] 

[Accordingly, in order to solve the above problem, it is an object of the present invention to 
provide a system for preventing an illegal copy of digital contents for preventing from an illegal copy 
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and distribution a digital content downloaded by forming a secret channel between all the system 
mutually connected as users download and reproduce the digital content.] 

[In order to achieve the above object, the present invention includes an authorization 
recognition unit for generating a first authentication qualification key and a first authentication 
qualification key data, which may be encrypted, and for generating a manufacturing key and 
manufacturing key information for reproducing and outputting the encrypted digital contents 
supplied or supplying in response to a registration request signal inputted fi-om external, a portable 
terminal supplying means requesting the registration request signal and receiving the manufacturing 
key and manufacturing key information, a content supply unit for transmitting the registration 
request signal to the authorization recognition unit, for storing the first authentication qualification 
key and the first authentication qualification key data inputted fi-om the authorization recognition 
unit in order to be authorized to supply the encrypted digital contents, and for generating a second 
authentication qualification key and a second authentication qualification key data, and a PC for 
outputting the third registration request signal to the content supply unit, for storing the second 
authentication qualification key and the second authentication qualification key data inputted fi*om 
the content supply unit, and for receiving a public key, public key information and digital contents.] 

[Further, in order to achieve the above object, the present invention includes an authorization 
recognition unit for forming a first table having a manufacturer key, a manufacturer key data and a 
second table having a token, information relating to an encrypted token by using the manufacturer 
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key, identification of a portable device or terminal and forming a pair of table with the first table 
in response to a first registration request signal inputted from external, for generating a first table and 
a second table by using the manufacturer key and the manufacturer key data, and for generating a 
first authentication qualification key and a first authentication qualification key data in response to 
the second registration request signal inputted from external, a portable terminal unit for outputting 
the first registration request signal to the authorization recognition unit and for storing the 
manufacturer key and the manufacturer key data inputted from the authorization xmit, a content 
supply unit for outputting the second registration request signal to the authorization recognition unit, 
for storing the first authentication qualification key, the first authentication qualification key data, 
and the second table, and for generating a second authentication qualification key and a second 
authentication qualification key data in response to a third registration request signal inputted from 
extemal, a first content output imit like as a PC for outputting the third registration request signal 
to the content supply unit in order to receive the digital contents and output the received digital 
contents, for storing the second authentication qualification key and the second authentication 
qualification key data such as Public key and Public Key information inputted from the content 
supply unit, for outputting the manufacturer key data inputted from extemal to the content supply 
unit, for encoding and outputting the manufacturer key detected from the second table in response 
to the manufacturer key data, and a second content output unit such as a portable terminal for storing 
the manufacturer key and the manufacturer key data inputted from the authorization recognition unit, 
for outputting the manufacturer key data to the content supply unit through the first content output 
unit, and for receiving the manufacturer key information of the second table, which is encrypted, 
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supplied from the PC in order to judge if the stored manufacturer key is authenticated.] 

[Further, in order to achieve the above object, the present invention includes a content supply 
unit for supplying an encoded digital content, a first content output unit including a database which 
has a reproduction data of the digital content downloaded from the content supply unit, encoding the 
database by using the third channel key for storage, interpreting the reproduction data of the digital 
content inputted from external by using the third channel key to be compared with a reproduction 
data of the database, to thereby judge if an illegal copy of the digital content is performed, and a 
second content output unit for updating the reproduction data of the digital content stored in advance 
by interpreting the reproduction data of the digital content inputted from the first content output xmit 
by using the third chaimel key, and transmitting the updated reproduction data of the digital content 
to the first content output unit.] 

[Hereinafter, an preferred embodiment of the present invention will be described in detail 
with reference to the accompanying drawings.] 

[FIG. 1 is a schematic view for explaining a system for preventing an illegal copy of digital 
contents according to an embodiment of the present invention, in which the structure is as follows.] 

[An authorization recognition unit 1 0 generates a manufacturer key and a manufacturer key 
data in accordance with a first registration request signal inputted from a record/reproduction 
apparatus supply unit as a portable terminal supply means as described later, and outputs a 
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manufacturer key and a manufacturer key data to the record/reproduction apparatus supply unit. 
Further, the authorization recognition unit 1 0 uses the manufacturer key and a manufacturer key data 
forming first and second tables , and generates a first authentication qualification key and a first 
authentication qualification key in accordance with a second registration request signal inputted 
firom a content supply unit.] 

[A portable terminal supplying means 20 outputs the first registration request signal to 
authorization recognition unit 10 and receiving the manufacturer key and a manufacturer key data 
generated by authorization recognition unit 10 in accordance with the first registration request 
signal.] 

[A content supply unit 30 outputs the second registration request signal to the authorization 
recognition unit, stores the first authentication qualification key, the first authentication qualification 
key data, and the second table, and generates a second authentication qualification key and a second 
authentication qualification key data in response to a third registration request signal inputted fi^om 
external.] 

[A PC 40 as a first content output unit outputs the third registration request signal to the 
content supply unit 30 in order to receive the digital contents and output the received digital 
contents, stores the second authentication qualification key and the second authentication 
qualification key data such as Public key and Public Key information inputted fi*om the content 
supply vmit, outputs the manufacturer key data inputted fi'om external to the content supply unit, 
encodes and outputs the manufacturer key detected fi-om the second table in response to the 
manufacturer key data.] 
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[A portable terminal 50 as a secx)nd content output unit stores the manufacturer key and the 
manufacturer key data inputted from the authorization recognition imit, outputs the manufacturer key 
data to the content supply imit through the first content output unit, and receives the manufacturer 
key information of the second table, which is encrypted, supplied from the PC in order to judge if 
the stored manufacturer key is authenticated.] 

[In the meantime, the first authentication qualification key and the first authentication 
qualification key mean a public key, a public key data, and a private key of the content supply imit 
30 generated from the authorization recognition xmit 10.] 

[Further, the first table, as shown in FIG. 2, contains a manufacturer key data(Cert(MKpD)), 
the manufacturer key(MKpD), and an identifier(ID corresponding to the manufacturer key data 
and the manufacturer key, and is stored in only the authorization recognition unit 10. Further, the 
second table is generated from the authorization recognition unit 10 and outputted to the content 
supply unit 30, and contains the identifier(IDj^, data(ENC(MKpD, T)), and a token(T) which 
encodes the manufacturer key by using the token.] 

[At this time, he authorization recognition unit 1 0 forms a first channel key(k) which can be 
shared with the content supply unit 30 in accordance with the second registration request signal 3 1 
inputted from the content supply imit 30, and outputs the first authentication qualification key and 
the first authentication qualification key data 1 1 which is encoded into the content supply unit 30 
through a secrete chaimel formed by the first channel key(k).] 

[The first channel key is a key generated from encryption of the authorization recognition 
unit 10 by using data which the content supply unit 30 has.] 
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[Hereinafter, an preferred embodiment of the present invention will be described in detail 
with reference to the accompanying drawings.] 

[FIGs. 2-5 are views for briefly explaining the flow of registration requests by respective 
blocks or Keys and Key information or data for the digital content reproductions by respective 
blocks of FIG. L] 

[The portable terminal supply unit 20 outputs the first registration request signal to the 
authorization recognition unit 10 in order to register the portable device or terminal to the 
authorization recognition unit 10.] 

[The authorization recognition unit 1 0 generates and transmits manufacturer key MKpo and 
the manufacturer key data (CertcA(MKpD), which is possessed by each designated portable device 
for its own use, to portable terminal supply unit 20 as a record/reproduction apparatus.] 

[Therefore, portable terminal supply unit 20 stores the received manufacturer key and the 
manufacturer key data into an intemal memory like as a tempery resistant area of portable terminal 
supply unit 20 during manufacturing portable terminal supply xmit 20. The stored manufacturer key 
and the manufacturer key data of portable terminal supplyxmit20 can not be noticed by other users.] 

[The authorization recognition unit 1 0 generates the manufacturer key and the manufacturer 
key data to be transmitted to portable terminal supply unit 20 and generates a token randomly.] 

[The authorization recognition unit 1 0 includes two tables. The first table is possessed by the 
authorization recognition xmit 10, which includes manufacturer key and the manufacturer key data 
information.] 
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[The second table is a manufacture key information table which is transmitted from 
authorization recognition unit 1 0 to content supply means 30 and is a table having identifier of the 
portable terminal, the token encrypted by the manufacture key, and information for the token.] 

[Therefore, portable terminal 50 which is manufactured by the portable terminal supply unit 
20 is authorized by authorization recognition unit 10 to store the downloaded, encrypted digital 
contents.] 

[In addition, The content supply unit 30 outputs the second registration request signal in 
order to obtain the authorization.] 

[Then, Key and Key data information is generated between content supply unit 30 and 
authorization recognition unit 10 shown in Fig. 2..] 

[In accordance with the request signal from content supply xmit 30, authorization recognition 
unit 10 generates a private key PrvKey^ph and a public key PubKey^phJ 

[A pair of keys and key information { PrvKeyi^p^ PubKeyigp CertcA(PubKeyisp } 
are generated and stored in content supply unit 30, and two tables are formed in dependence with 
the manufacture key.] 

[Because content supply unit 3 0 and authorization recognition vmit 1 0 have a channel formed 
by a co-owned key EC_DH(CA,ISP), the chaimel formed between content supply unit 30 and 
authorization recognition unit 1 0 provides a safe way to communicate each other without allowing 
an illegal copy of the downloaded information through the channel.] 

[Authorization recognition imit 10 transmit a encrypted key and key information to content 
supply imit 30 through the channel in order to co-own the key and key information. Content supply 
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unit 30 decrypts the encrypted key and key information by using co-owned key and stores the key 
and key information. Set up between content supply unit 30 and authorization recognition unit 10 
is finished.] 

[After the setup of content supply xrnit 30 and authorization recognition unit 10, PC 40 
transmits a request signal to content supply unit 30 to receive the encrypted digital contents. Content 
supply unit 30 transmits its public key and public key information PubKeygp CertcA(PubKeyisp) to 
PC 40. PC 40 stores the received republic key and public key information PubKeyi^p^ 
CertcA(PubKeyjsp)0 

[A key generated by EC_DH(ISP,LCM) is co-owned by content supply unit 30 and PC 40 
and forms a channel between content supply unit 30 and PC 40. PC 40 can receive the digital 
contents fi-om content supply unit 30 through the chaimel.] 

[Public key and public key information is transmitted fi-om content supply unit 30 
to PC 40 through the chaimel. Setup between content supply imit 30 and PC 40 for downloading the 
digital contents is finished.] 

[When a request signal is transmitted fi-om potable terminal 50 to PC 40, potable terminal 
50 transmits the manufacture key, which has been received firom Authorization recognition unit 10 
and stored in the memory of potable terminal 50, with the encrypted Public key, which is received 
from content supply unit, to content supply unit 30 through PC 40.] 

[Content supply unit 30 decrypts the encrypted information and compares the encrypted 
information with tiie information of the second table. If the encrypted information is identical to the 
information of the second table, content supply unit 30 encrypts the content of the table and 
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transmits the encrypted information to PC 40. PC 40 decrypts the encrypted information to obtain 
the information of the token.] 

[At this time, a channel key is randomly generated in PC, is maintained in confidential. PC 
40 encrypts the channel key and transmit to portable terminal 50 the encrypted channel key by using 
the decrypted token information.] 

[Portable terminal 50 reads the token information from the information of the table received 
fi"om content supply unit 30 by using the manufacture key.] 

[The registration process is finished when the channel key obtained by decrypting the 
encrypted information by using the token information and the channel key is co-owned by PC 40 and 
portable terminal 50.] 

[Therefore, all the units and terminals in this system are authorized to transmit and receive 
the encrypted digital contents between the units and terminals.] 

[PC 40 includes a data base such as RMS-DB (Right Management System-Data Base) 
described in Fig. 6 for preventing the illegal copy of the digital contents when PC 40 transmits the 
digital contents received fi-om content supply unit 30.] 

[The above data base is applied for processing the digital contents transmitted between PC 
40 and portable terminal 50. Referring to the structure of the data base. The database contains 
an identifier data area of the digital content, an updated token data area, a data area for checking a 
present state of the digital content, and a reproduction control data area.] 

[Further, the database is stored in PC 40 in an encoded form by the secret channel key which 
PC 40. The most important area in the database is the updated token area, and the updated token 
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area has different values when the updated token area downloads a digital content from PC 40 to 
portable terminal 50, or uploads the digital content from portable terminal 50 to PC 40. At this time, 
the updated token is transmitted to PC 40 through portable terminal 50 to update the stored token 
in PC 40.] 

[That is, data registered in the database of PC 40 becomes different every time PC 40 
reproduces, downloads, or updates a digital content downloaded into PC 40. Therefore, PC 40 
checks the registered data in the database if users legally use the digital content in the case that a 
request signal for reproduction, download, or upload of the digital content is inputted by the users.] 

[Further, in the case that the digital content is downloaded or uploaded between PC 40 and 
the portable terminal 50, an area is checked which has data for checking a present state of the digital 
content and which is the second area of the database.] 

[That is, since PC 40 checks the third area, when the portable terminal 50 downloads a digital 
content downloaded from the content supply unit to the second content output unit, the selection 
of a copy form or a transmission form can be read.] 

[Further, by checking check-in/check-out data included in the second area, the transmission 
state of the digital content can be read. That is, the check-in data means that a digital content is not 
downloaded from the content supply unit to the portable terminal 50.] 

[The check-out data means that the digital content is a downloading state from the portable 
terminal supply unit 20 to the portable terminal 50, or that the downloaded digital content is again 
uploaded to PC 40.] 
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[The last area of the database is a reproduction control data area and contains data for 
reproduction times of a digital content, a reproduction expiration period of the digital content, and 
an amnesty period of the digital content.] 

[Here, the reproduction times of the digital content is a value which is established when a 
digital content is provided from the content supply unit 30 to PC 40 and which controls the 
reproduction times by coimting down one by one every time the digital content is downloaded.] 

[Further, the reproduction expiration period of the digital content does not mean the 
reproduction of the digital content and the control of the output state, but a period established by the 
content supply unit 30, and the digital content downloaded from the content supply unit 30 to PC 
40 can be reproduced in the period as stated above.] 

[Lastly, the amnesty period of the digital content enables the digital content downloaded from 
the content supply unit 30 to PC 40 to be reproduced irrespectively of the reproduction times of the 
digital contents or the expiration period.] 

[As stated above, if the content supply unit 3 0 accepts a download request of a digital content 
of PC 40, the content supply unit 30 firstly identifies the ID of PC 40 as a first content output unit, 
judges as PC 40 legally connected to the content supply unit 30, and downloads a digital content 
having a file format embodied by the secret system to PC 40.] 

[The file format having a digital content transmitted to PC 40 from the content supply unit 
30, as shown in FIG. 6, contains a title ID field, a content description field (CDF), algorithm 
identifying field (AIF), an indicator of source originator field (SOI), a copyright holder information 
field (CHI) indicating a copy holder information, a right management field (RMF), a content 
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encryption key (CEK), and a digital content field encoded to a content encryption key.] 

[The content description field has data such as a digital content composer, a singer, a record 
label or the like.] 

[The algorithm identifying field denotes an algorithm employed in the secret system 
embodied in the present invention, and there are ECC, SNAKE, CODEC and the like in the 
algorithm.] 

[The SOI field has one of data of ISP_ID denoting an identifier of a content supply unit 30 
of the present invention, LSP_ID denoting an identifier of the first content output unit 40, PD_ID 
denoting an identifier of portable terminal 50.] 

[Therefore, in the case that PC 40 downloads and reproduces a digital content having the 
format as stated above, firstly an algorithm encoded fi"om the AIF field is identified, and the 
authentication qualification of PC 40 is recovered by using the identified encryption algorithm.] 

[Further, the identifier which PC 40 has and the identifier in the SOI field of the file format 
are compared to check if there is correspondence between the two. In the case of correspondence, 
the copy control state fi:om the RMF data, the reproduction control state, and the transmission 
control state are identified to register them in the database(RMS"DB) which the first content output 
unit 40 has.] 

[After the above process is performed, a digital content encryption key is extracted by using 
a CEK field, and the encoded digital content is interpreted by using the encryption key.] 

[At this time, in the case that PC 40 does not violate any one of the above, the content supply 
unit 30 judges that PC 40 is legal, and downloads the digital content.] 



-88- 



PATENT 
P55690 

[In the case of changing the RMF field of the file formats, in particular the reproduction 
control state, PC 40 replaces the reproduction control state data in two places of the database(RMS- 
DB) and the file format with desired data.] 

[Further, as stated above, in the case that a digital content downloaded from PC 40 is again 
downloaded to t portable terminal 50, the following precesses are required.] 

[Firstly, PC 40 receives the UTD data which portable terminal 50 of the identifier of the 
second content output unit by a request to portable terminal 50.] 

[Therefore, portable terminal 50 encodes the UTD into the third channel key(CKpD,Lc^ 
shared with PC 40 and the third channel key(CKpi3.Lcj^) is transmitted to PC 40 together with the 
identifier of the second content output unit. At this time, PC 40 identifies data transmitted from 
portable terminal 50 and extracts the identifier of portable terminal 50 and the UTD firom the 
transmitted data by using the channel key(CKpD.LCM) shared with portable terminal 50, and compares 
the extracted identifier of portable terminal 50 and the UTD with data registered in the database.] 

[If the UTD is unchanged and the RMF is changed, the first content output unit 40 updates 
the two places of the database and the file format to the changed RMF.] 

[That is, PC 40 updates the database to a newly generated UTD, and the updated UTD is 
encoded by the channel key(CKpi).Lc^|) and the encoded channel key(CKp£j.i^i^) is transmitted to 
portable terminal 50.] 

[In the meantime, PC 40 transmits a digital content to portable terminal 50, and data of an 
initial transmission control state field is 'Transfer'. As the digital content is transmitted to portable 
terminal 50, data of the transmission control state field is changed to 'Transferred'. As stated above. 
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changed data of the transmission control state field is updated in the database(RMS-DB)5 and is not 
changed in the file format. At this time, the transmission control state field has three types of 
'Transfer', 'Transferred', and 'Transfer-non'.] 

[Next, as a digital content is transmitted to portable terminal 50 fi-om PC 40, data for the copy 
control state field is initially set to the check-in in the database as well as in the file format, but after 
the digital content is transmitted, the data for the copy control state field is changed to the check-out 
both in the database and the file format.] 

[If the data for the copy control state field is set to 'Copy-never', users using the system of 
the present invention can not download the digital content of PC 40 to portable terminal 50.] 

[If the above processes are correctly performed, the digital content is downloaded to portable 
terminal 50.] 

[Hereinafter the process of the digital contents between portable terminal 50 and recording 
medium 60 as a content storage medium is explained for preventing an illegal copy in downloading 
a digital content, which portable terminal 50 has, to the content storage unit 60.] 

[Firstly, if there is the its owned ID in the content storage unit 60, portable terminal 50 record 
the digital contents which is encrypted by using the ID.] 

[Secondly, if there is the its owned ID in the content storage unit 60, portable terminal 50 
record the digital contents which is encrypted by using randomly generated key.] 

[The randomly generated key T is encrypted by using a key S of the general secret key which 
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is predeteraiined by the manufacturer of the portable terminal.] 

[The encrypted T is recorded on the hidden area of the content storage unit 60.] 
[As described above, in first case, all digital content stored in content storage unit 60 may 
be reproduced in portable terminal 50. In second case, all digital content stored in content storage 
unit 60 may be reproduced in only the portable terminal 50 which is produced by the designated 
manufacturer having this system.] 

[The portable terminal 50 transmits to the content storage unit 60 an encoded digital content 
to be recorded in the content storage unit 60 and an encoded reproduction data to reproduce the 
digital content. At this time, another encryption of data necessary to produce the encoded digital 
content is performed as follows. That is, portable terminal 50 contains a random number generation 
unit (RNG) for randomly generating a nimiber, and a function process unit(F) for function- 
processing various inputs and generating predetermined values which only the content storage unit 
60 can have. At this time, values inputted to the function process unit(F) are a random number, a 
channel key, and a bad sector address and an inherent number which the content storage unit 60 
inherently has. Further, another encryption of an encoded digital content reproduction data is 
performed by using function values generated in the function process imit(F).] 

[A digital content referred to in the present invention is downloaded fi-om PC 40 to portable 
terminal 50 and the content storage unit 60, or uploaded fi-om portable terminal 50 to PC 40,] 

[This is denoted by checking a field indicating transmission control state data of file format 
data which is provided from the database and the content supply unit 30.] 

[If, as stated above, 'transfer' is indicated as a result that the first content output unit 40 
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checks the database and the transmission control state data field of the file format, PC 40 can 
download a digital content to portable terminal 50, if the digital content is downloaded fi-om PC 40 
to portable terminal 50, 'transfer' is changed to 'transferred' in the database and the transmission 
control state data field of the file format and the changed data is transmitted to portable terminal 50.] 
[Further, since the digital content downloaded to portable terminal 50 is not in PC 40, in 
order to be again reproduced in PC 40, the digital content is again uploaded fi*om portable terminal 
50 to PC 40.] 

[However, the digital content downloaded to the content storage unit 60 fi'om PC 40 can be 
reproduced in an arbitrary second content output unit 50. Further, the digital content downloaded to 
the content storage unit 60 is uploaded to another first content output unit 40 through portable 
terminal 50.] 

[Further, various input devices are additionally connected to PC 40 and portable terminal 50 
applied to the present invention, and such input devices are shown in detail in FIG. 8.] 

[That is, the input devices which can be additionally connected to PC 40 and portable 
terminal 50 can be CD such as RedBook CD, audio CD, super audio CD, DVD Disk, and analog 
input, and the like.] 

[The audio signal inputted through the input devices is inputted to PC 40, and encoded 
according to a system supported in the present invention, and then transmitted to portable terminal 
50, or transmitted to the content storage unit 60 to be reproduced through portable terminal 50.] 
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[FIG. 8 is a view for showing an output source of Fig. 7 capable of being additionally 
connected to the embodiment of the present invention.] 

[As shown in FIGs, applied program interface (API) of the first content output unit 
(indicated as *Host' ) checks if data inputted through the CD, EMD (content provided over internet), 
PM, DVD, and the like(hereinafter, referred to as 4nput devices') can be reproduced in a system 
supported in the present invention.] 

[Therefore, if the data can be reproduced in the system supported in the present invention, 
the API converts data inputted fi"om the input devices to a format which can be reproduced in the 
system.] 

[In the meantime, as a method which data can be reproduced in the system supported in the 
present invention as stated above, first, in the case that the input devices are the super CD or DVD, 
data which checks if data recorded on the storage medium can be copied is in an area out of data 
area. The API detects the area and uses the data when converting a signal inputted to PC 40 to a file 
format supported in the present invention.] 

[Secondly, in the case that the input device is the EMD and data inputted through the EMD 
has an encoded format, the API detects an encryption key and an encryption algorithm and uses the 
data when converting a signal inputted to the first content output unit 40 to a file format supported 
in the present invention.] 

[Thirdly, if the input device is a general analog input, the API encodes inputted data 
according to a system supported in the present invention.] 

[In the meantime, the API checks if an input device and data inputted fi-om the input devices 
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are suitable for the system and transmits the following data to the import control layer,] 

[First, data for the type of a storage medium, for example, data for a type of an input device 
such as audio CD, DVD and the like, second, data for an initial form of data inputted to PC 40 from 
an input device, for example, data for a title, a player, a singer and the like, third, data for an 
^ encryption key which is data for an encryption algorithm.] 

[At this time, the data is transmitted to portable temiinal 50 from PC 40 through the first 
interface part. Further, the data inputted from the third interface part of portable terminal 50 is 
inputted to the import control layer of the second content output xmit to be restructured in a file 
format.] 

[That is, the file format formed in the import control layer of portable terminal 50 indicates 
data for a storage medium in the title-ID field, data for initial data inputted to an internet appliance 
from an input device for the CDF, data for an encryption algorithm outputted to the import control 
layer from the API of the first content output unit for the AIF, LCM-ID in the Device-ID field and 
SOI field, data for a copyright protection in the CHI field, and following data for the RMF.] 

[First of all, 'copy not available' is indicated for the copy control state, 'check-in/check-out' 
is selectively indicated for the download/upload, 'reproduction times=no limit or predetermined 
times' is selectively indicated for the reproduction control state, and 'transmission not available' is 
indicated for the reproduction control state since the copy control state is 'copy not available'.] 

[Next, CEK=k field which is a field indicating data for an encryption key, if an inputted 
digital content is not encoded, randomly generates a key(k), and a digital content inputted from the 
first content output xmit is encoded by the key(k) and indicated in the last field (ENC(k, Content)).] 
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[At this time, PC 40, if data inputted through an input device is encoded, judges what 
algorithm is used for encryption, and checks an encryption algorithm which portable terminal 50 to 
transmit an encoded digital content has.] 

[Accordingly, if two algorithms are not matched, the first content output unit 40 interprets 
an encoded digital content and performs a trans-crypted process which again encodes the digital 
content with encryption/decryption algorithm which portable terminal 50 has.] 

[In the meantime, in the file format formed through the process, there is a secret header 
portion firom the Device-ID field to the field which indicates the encryption key. The secret header 
is encoded by the second authentication qualification key(PubKeyLCM) which the first content output 
imit 40 has.] 

[In the meantime, the first interface part in PC 40 checks if portable terminal 50 has an 
identifier and the third channel key(CKp0.LCj^) and identifies if the qualification is an authenticated 
second content output unit 50.] 

[In the meantime, an analog input inputted to portable terminal 50 is inputted to the import 
control layer of a PDFM (PD Functional Module) in the portable terminal 50, and the analog input 
is converted to a file format supported in the present invention by a process described later.] 

[Here, the import control layer, if the analog input is received by firame unit, first encodes the 
firame, encodes the encoded fi*ame by using a randomly generated key, and if all fi'ames are encoded, 
a file format is formed for preventing a copy for an encoded analog input.] 

[In order to prevent an illegal copy as in data indicated for RMF, an encoded analog input 
has a detailed information.] 
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[That is, ^copy not available' is indicated for the copy control state, *check-in/check-out' is 
selectively indicated for the download/upload, 'reproduction times=no limit or predetermined times' 
is selectively indicated for the reproduction control state, and 'transmission not available' is 
indicated for the reproduction control state.] 

[Further, data of the Device-ID field and the SOI field which are prepared before the RMF 
is indicated as *PD_ID'.] 

[The secret header portion generated via the above process is encoded by the third channel 
key (CKpij.Lcj^) which the second content output unit 50 has.] 

[At this time, portable terminal 50 transmits the encoded digital content to the content storage 
unit 60, since a digital content which is transmitted to the content storage unit 60 does not indicate 
the SOI field data as an identifier which the content storage unit 60 has but as 'PD-ID' as stated 
above, the digital content can not be reproduced via arbitrary second output imit 50.] 

[That is, a digital content recorded on the content storage unit can be reproduced only in 
portable terminal 50 which has the same identifier as TD-ID' data of the SOI field contained in the 
content.] 

[Accordingly, as stated above, in the present invention, entire system shares a channel key 
between units performing mutual communication, forms a safe channel, mutually transmits and 
receives a digital content, and prevents illegal users fi:om taking the digital content on the way. 
Further, even though legal users legally downloads a digital content, since the second content output 
unit has the above structure, illegal copy of a digital content between the second content output unit 
as well as the content storage unit is prevented.] 
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[The kiosk generates a registration request signal for selling an encoded digital content by 
the content supply unit 30 through a PC. Therefore, the content supply unit 30 provides to the kiosk 
the storage medium having a digital content encoded by a system supported in the present invention 
according to the registration request signal, and the kiosk receives fees from users and transmits a 
digital content stored in the storage medium. Kiosk is a store or vending machine selling a recording 
medium or digital content which is reproduced in this system. Machine on Kiosk is regarded as a PC 
having an interface of the digital content storage medium. The recording medium interface can be 
used by any one having a supply agreement with intellectual property right owner or the digital 
content supply unit.] 

[In order to achieve the above object, the present invention includes an illegal copy protecting 
system having a portable terminal transmitting the encrypted digital content which is received from 
digital content supply unit to a digital content storage medixmi. In another preferred embodiment, 
the digital content transmitted from LCM ca be stored directly in the digital content storage medium. 
The system includes a portable terminal processing the random number stored in spare area of the 
digital content storage medium such as physical address of the bad sector of the digital content 
storage medium and transmitting the encrypted header of the digital content by using the processed 
value of the random number, and a digital content storage medium reading and transmitting the 
physical address by using the portable terminal and storing the number as a key value randomly 
generated by the portable terminal, and storing the encrypted header information encrypted by the 
resultant value and the encrypted digital content as sector data.] 
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[Portable terminal 1 00 process the random niimber stored in spare area of the digital content 
storage medixmi such as physical address of the bad sector of the digital content storage medium and 
channel key stored in the portable terminal and transmits the encrypted header of the digital content 
by using the processed value.] 

[The portable terminal can download and reproduce the MP3 music file.] 
[Storage medium 200 reads and transmits the physical address by using the portable terminal 
and storing the number as a part of the input function process F randomly generated by the portable 
terminal, and stores the encrypted header information encrypted by the resultant value and the 
encrypted digital content as sector data.] 

[The storage medium 200 is a general medium including a smart media.] 
[More details are explained hereinafter with drawings showing a system having a portable 
storage medium for protecting a illegal copy.] 

[Portable terminal 100 downloads the digital content from the content supply unit or 
PCLCM.] 

[Portable terminal 100 owns a secret key like as channel key CK with the content supply 
unit or PCLCM to form a channel between portable terminal and the content supply unit or 
PCLCM.] 

[Portable terminal 1 00 stores in the sector data area of the storage medium the digital content 
received through the input port of the portable terminal.] 

[Portable terminal 100 encrypts the header portion of the digital content in order to prevent 
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the digital content stored in the storage medium from being illegal copied in other storage medium. 
The header portion of the digital content is encrypted as a CK and transmitted from LCM to portable 
terminal 1 00. At this time, what generates the key for encryption is the function process means 110.] 
[Function process means 110 receives as an input the physical address of the bad sector 
transmitted from storage medium 200 and receives as an input the random number through the 
random generating means 120. The random number is stored in the storage medium.] 

[Therefore, fimction process means 110 receive the commonly owned key generated by 
LCM, random number, and the physical address of the bad sector of the storage medium for function 
processing and storing in the sector data area of the storage medium the encrypted header portion 
of the digital content by inputting the resultant value into the encryption and decryption means 130.] 

[It is optional to encrypt the header of the digital content by function processing after 
receiving all of the commonly owned key, random number, and the physical address of the bad 
sector or one of the commonly owned key, random number, and the physical address of the bad 
sector.] 

[EFFECT OF THE INVENTION] 

[As stated above, this invention provides the effect on protecting illegal copy between 
portable terminals because any portable has the above described same system and all systems 
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consisting this invention commonly own the channel key formed between systems conmiunicating 
each other in order to prevent the authorized user from making a copy of the legally downloaded 
digital content.] 

Even if the [storage] portable medium is copied to another [storage] portable medium, the 
digital content in the [another storage] portable medium [can not] caimot be reproduced from the 
[another storage] portable medium. Therefore, this invention provides the effect on basically 
protecting illegal copy. 

As stated above, the preferred embodiments of the present invention are shown and 
described. Although the preferred embodiments of the present invention have been described, it is 
understood that the present invention should not be limited to these preferred embodiments but 
various changes and modifications can be made by one skilled in the art within the spirit and scope 
of the present invention as hereinafter claimed. 
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Abstract [of the Disclosure] 

[In order to prevent an illegal copy of an encoded digital content downloaded by users for 
reproduction, all systems] 

Systems connected to [the] users generate a plurality of keys which are mutually shared, and 
download and upload [the] digital [content] contents by usin g secret channels formed between [units 
performing mutual communication. 

A unit for supplying the digital content] the systems. An information provider receives an 
authorization [of legally supplying the digital content] from [an authorization recognition unit]a 
certificate authority . [The first content output xmit] A licensed SDMI compliant module (LCM) is 
authenticated [form] through the [digital content supplying unit. At this time, the digital content 
supplying xrnit and the first content output unit form a sharing key to form a channel between the 
two. The second content output unit] information provider, and the information provider and the 
LCM form a channel. A portable device is authenticated from the [digital content supply unit 
through the first content output xmit, the first content output unit and the second content output unit 
form a chaimel to the channel kev] information provider through the LCM. and the LCM and the 
portable device form a channel . The digital content between the [first content output unit]LCM and 
the [second output unit] portable device is downloaded and uploaded according to respective control 
state data of the [first content output unit and the second output unit. Accordingly, the digital content 
transmitted between the digital content supply unit, the first content output xmit, and the second 
content output imit can be prevented from an illegal copy. A system having a portable recordable 
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medium for preventing an illegal copy of digital contents, and more particularly to a system having 
a portable recordable medixmi by using a physical address of bad sector formed the portable 
recordable medium during manufacturing process of the portable recordable medium and by 
encrypting a header of the encrypted digital contents stored in the portable recordable medium and 
recording the encrypted header on] LCM and the portable device. The svstem can use a physical 
address of [bad sector of the portable recordable medium. The physical address of bad sector is 
formed on the portable recordable] a bad sector formed in the portable medium durin g the 
manufacturing process [of the portable recordable medium. This is] for preventing an illegal copy 
of the downloaded digital contents through [a terminalj the portable device after the digital contents 
[has]have been downloaded. 

[An illegal copy protecting system having a portable terminal transmitting the encrypted 
digital content which is received from digital content supply unit to a digital content storage medium. 
In another preferred embodiment, the digital content transmitted from LCM ca be stored directly in 
the digital content storage medixim. The system includes a portable terminal processing the random 
number stored in spare area of the digital content storage medium such as physical address of the 
bad sector of the digital content storage medium and transmitting the encrypted header of the digital 
content by using the processed value of the random number, and a digital content storage medium 
reading and transmitting the physical address by using the portable terminal and storing the number 
as a key value randomly generated by the portable terminal, and storing the encrypted header 
information encrypted by the resultant value and the encrypted digital content as sector data] 
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